4 matches found
CVE-2026-44478
hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and canReRunOnboarding before allowing config overwrites. However, GET /v1/onboarding/config sti...
CVE-2026-44478 hoppscotch: Unauthenticated Onboarding Config Disclosure via Empty Recovery Token
hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and canReRunOnboarding before allowing config overwrites. However, GET /v1/onboarding/config sti...
PT-2026-40829
Name of the Vulnerable Software and Affected Versions hoppscotch versions prior to 2026.4.0 Description An information disclosure issue exists where the 'GET /v1/onboarding/config' endpoint leaks infrastructure secrets in plaintext to unauthenticated users. This occurs specifically when the...
EUVD-2026-26474
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...